Accepting request 678281 from home:olh:branches:Base:System

- Allow coredumps in X11 desktop sessions (bsc#1124847) gpg-agent unconditionally disables coredumps, which is not supposed to happen in the code path that does just exec(argv[]) gnupg-gpg-agent-ulimit.patch OBS-URL: https://build.opensuse.org/request/show/678281 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=221
2019-02-26 17:21:53 +00:00 · 2019-02-26 17:21:53 +00:00 · 637188eb82
commit 637188eb82
parent b8b9908935
3 changed files with 45 additions and 0 deletions
--- a/gnupg-gpg-agent-ulimit.patch
+++ b/gnupg-gpg-agent-ulimit.patch
@ -0,0 +1,35 @@
+gpg-agent is in the chain of commands in xinitrc.
+It receives a list of commands via argv[] which it is supposed to launch via exec.
+In this mode all what matters is a bunch of setenv() of gpg related variables.
+At no point it must fiddle with ulimit that was provided by its callers.
+In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
+
+Every code path before the fork() call does no sensitive things, so coredumps do not matter.
+
+gpg-agent does fork a child in this mode.
+That child has the liberty to tweak ulimit in every way it wants.
+This is what this patch does.
+
+Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process.
+As a result, crashes of desktop applications can not be debugged.
+
+References: bsc#1124847
+
+--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
+@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
+   gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+   gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
+ 
+-  disable_core_dumps ();
+ 
+   /* Set default options.  */
+   parse_rereadable_options (NULL, 0); /* Reset them to default values. */
+@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
+       /*
+          This is the child
+        */
+      disable_core_dumps ();
+ 
+       initialize_modules ();
+ 
--- a/gpg2.changes
+++ b/gpg2.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Feb 22 19:30:29 UTC 2019 - olaf@aepfle.de
+
+- Allow coredumps in X11 desktop sessions (bsc#1124847)
+  gpg-agent unconditionally disables coredumps, which is not
+  supposed to happen in the code path that does just exec(argv[])
+  gnupg-gpg-agent-ulimit.patch
+
 -------------------------------------------------------------------
 Wed Feb 13 06:12:32 UTC 2019 - Karol Babioch <kbabioch@suse.de>

--- a/gpg2.spec
+++ b/gpg2.spec
@ -29,6 +29,7 @@ Source2:        ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 Source3:        %{name}.keyring
 Source4:        scdaemon.udev
 Source99:       %{name}.changes
+Patch1124847:   gnupg-gpg-agent-ulimit.patch
 Patch4:         gnupg-2.0.9-langinfo.patch
 Patch5:         gnupg-2.2.8-files-are-digests.patch
 Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
@ -79,6 +80,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library.

 %prep
 %setup -q -n gnupg-%{version}
+%patch1124847 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1